10 Oct 2023
by Stuart Murdoch

UK's CiSP: Delivering cyber resilience for a decade

Guest blog by Stuart Murdoch, Founder & CEO at Surevine #techUKCyber2023

2023 is the tenth anniversary of the UK’s National Cybersecurity Information Sharing Partnership (CiSP). The CiSP collaboration environment was launched at Chatham House in March 2013. The front page of the Financial Times on that day reported it as “a secure Facebook for Cyber Threats.” CiSP has some distinctive characteristics which have made it a global case study for how industry can work with the public sector to prepare for, respond to and recover from cyber attacks.

Over the last ten years the CiSP community has grown to be the largest public-private partnership for cyber collaboration in the world, with over 17,000 users, resulting in a globally unique repository of data. Those users represent over 30 industry sectors including representatives of all of the UK’s Critical National Infrastructure (CNI), most of our blue-chip companies, our most prestigious research universities, and many SMEs, all collaborating with colleagues in the public sector and Law Enforcement (for example through the Regional Organised Crime Units – ROCUs).

Some of what has led to CiSP's distinctiveness can be traced right back to its origins. CiSP's roots lie in Project Auburn, which was a joint industry-led initiative. Unlike in many other states, where reporting is mandated by a state regulatory cyber authority, CiSP started out – and remains – an entirely voluntary partnership, instigated by industry. Many international information sharing exchanges charge (sometimes very significant) membership fees for access to their information sharing platform. The CiSP collaboration environment is supported by the public sector (currently by the UK NCSC), which makes it free for network defenders in the UK. This public sector support also ensures that concerns about anti-competitive information sharing can be overcome. In addition, the fact that the environment is provided by the NCSC (who are not a regulator) means that there are certain protections provided for the information shared, for example exemptions from the Freedom of Information Act (FOIA).

Over the lifetime of CiSP, that support has derived from different parts of UK Government. Initially, at launch in 2013, it was provided by the Office for Cyber Security and Information Assurance (OCSIA) in the Cabinet Office. In March 2014, CERT-UK was launched, and it took on the support of CiSP. In 2016 NCSC UK took on that responsibility. As the support of the CiSP community has moved from one organisation to another, so have the strategic drivers. At the outset it was conceived as a platform for network defenders who had information to share, sometimes very sensitive (up to TLP:RED), and who needed a trusted environment in which to share it with others who would be able to act on it. In NCSC, it sat within the communications directorate, with very different drivers.

Given the longevity of the community, the impact of all of these changes can be seen in the data: whether those initiatives have proven successful in promoting information sharing, or whether the impact, timeliness and relevance of the information shared has improved. All of this can be seen in the rich treasure trove of data. This data not only forms a rich repository which allows analysts and users to discover how better to promote information sharing as we move into the second decade of the CiSP partnership; it also allows those helping to institute national strategies across the globe to understand what works (and what doesn’t) when it comes to public-private partnership.

CiSP and the collaboration environment are often conflated, but properly CiSP is the membership – the trusted community: the P in the Cybersecurity Information Sharing Partnership. The Collaboration Environment can and must change as the needs of the users change and technology evolves, but the UK has grown a globally leading national asset in the partnership. We would be wise to ensure that we do whatever we can, as industry and the public sector, to cherish that asset, which gives us a mechanism to work together, across the economy, to keep one step ahead of the cyber threats.

Disclaimer: Stuart Murdoch is Founder & CEO of Surevine, which built the CiSP collaboration environment and provides ongoing support to NCSC.

